Skip to consent manager Skip to main content Skip to search Skip to category navigation Skip to footer

Privacy

Data Controller

The data controller is:
Heldenpferde UG
Am Pochwerk 1
51580 Reichshof
Email: info@heldenpferde.com

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we inform you in detail about how we handle your data.

1. ACCESS DATA AND HOSTING

You can visit our websites without disclosing any personal information. Each time you access a website, the web server automatically stores a so-called server log file, which contains the name of the requested file, your IP address, date and time of the request, transferred data volume, and the requesting provider (access data) and documents the request. This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our services. This serves to protect our legitimate interests in the proper presentation of our offering, which prevail in the context of balancing interests in accordance with Art. 6 para. 1 sentence 1 lit. f of the GDPR. All access data is deleted no later than seven days after the end of your site visit.

Hosting

The services for hosting and displaying the website are partially provided by our service providers within the framework of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us at the address provided in this privacy policy.

2. DATA PROCESSING FOR CONTRACT PROCESSING AND FOR CONTACTING

2.1 Data Processing for Contract Processing

For the purpose of contract processing under Art. 6 para. 1 sentence 1 lit. b of the GDPR, we collect personal data if you voluntarily provide it to us in the course of your order. Required fields are marked as such because, in these cases, we require the data to process the contract, and without it, we cannot send the order. The data collected can be seen in the respective input forms.

For further information on how we process your data, particularly concerning the transmission to our service providers for order processing, payment processing, and shipping, please see the subsequent sections of this privacy policy. Once the contract has been fully processed, your data will be restricted for further processing and deleted after the retention periods under tax and commercial law have expired, unless you have expressly consented to further use of your data under Art. 6 para. 1 sentence 1 lit. a of the GDPR or we reserve the right to use your data for purposes permitted by law, about which we inform you in this policy.

2.2 Customer Account

If you have given your consent under Art. 6 para. 1 sentence 1 lit. a of the GDPR, by choosing to open a customer account, we use your data for the purpose of opening the customer account and for storing your data for future orders on our website. You can delete your customer account at any time by either notifying us via the contact option described in this privacy policy or by using the deletion function provided in the customer account. After deleting your customer account, your data will be deleted unless you have expressly consented to further use of your data under Art. 6 para. 1 sentence 1 lit. a of the GDPR or we reserve the right to use your data for purposes permitted by law, which we inform you about in this policy.

2.3 Contacting

In the context of customer communication, we collect personal data to process your inquiries under Art. 6 para. 1 sentence 1 lit. b of the GDPR if you voluntarily provide this data to us when contacting us (e.g., via a contact form, live chat tool, or email). Required fields are marked as such because, in these cases, we need the data to process your contact request. The specific data collected is apparent from the respective input forms. Once your request has been fully processed, your data will be deleted unless you have expressly consented to further use of your data under Art. 6 para. 1 sentence 1 lit. a of the GDPR or we reserve the right to use your data for purposes permitted by law, which we inform you about in this policy.

3. DATA PROCESSING FOR SHIPPING PURPOSES

To fulfill the contract under Art. 6 para. 1 sentence 1 lit. b of the GDPR, we transmit your data to the shipping service provider responsible for delivery as far as it is necessary for the delivery of ordered goods.

Forwarding Data to Shipping Service Providers for Shipment Notification

If you have given us your express consent during or after your order, we will provide your email address and telephone number to the selected shipping service provider under Art. 6 para. 1 sentence 1 lit. a of the GDPR so that they can contact you prior to delivery for the purpose of delivery notification or coordination. Consent may be withdrawn at any time by contacting the contact option provided in this privacy policy or directly through the shipping service provider at the following contact address. After revocation, we delete your provided data unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes permitted by law, which we inform you about in this policy.

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

4. DATA PROCESSING FOR PAYMENT PROCESSING

For processing payments in our online shop, we collaborate with the following partners: technical service providers, credit institutions, and payment providers.

4.1 Data Processing for Transaction Handling

Depending on the payment method selected, we transfer the data required for handling the payment transaction to our technical service providers, who work on our behalf, or to the designated credit institution or selected payment provider, as needed to process the payment. This data processing is necessary for the performance of the contract under Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment providers collect the required data for the payment process themselves, e.g., on their own website or through a technical integration in the order process. The privacy policy of the respective payment provider applies in these cases. For questions about our payment processing partners and the basis of our cooperation with them, please contact us at the details provided in this privacy policy.

4.2 Data Processing for Fraud Prevention and Payment Optimization

To prevent fraud and optimize payment processes, we may provide additional data to our service providers, who, in conjunction with the necessary payment data, act as our processors. They use this data for fraud prevention and to optimize payment processes (e.g., invoicing, managing contested payments, supporting accounting). This processing is carried out to protect our legitimate interests in preventing fraud or efficient payment management, which prevail in the context of balancing interests, under Art. 6 para. 1 sentence 1 lit. f GDPR.

4.3 Identity and Credit Checks for Klarna Payment Services

Direct Debit via Klarna, Purchase on Account via Klarna, Klarna Financing
If you choose Klarna Bank AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna") payment services, we request your consent per Art. 6 para. 1 sentence 1 lit. a GDPR to transfer the data necessary for processing the payment and identity and credit check to Klarna. In Germany, the credit check may include the credit agencies named in Klarna’s privacy policy [https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_us/privacy]. The information received regarding the statistical probability of non-payment is used by Klarna to make a balanced decision on the establishment, execution, or termination of the contractual relationship. You may withdraw your consent at any time by contacting the contact option provided in this privacy policy. This may limit the payment options we can offer you. You can also revoke your consent to the use of personal data for this purpose at any time with Klarna.

4.4 Identity and Credit Checks for BillPay Payment Services (Operated by Klarna Bank AB)

If you choose BillPay’s payment services (provided by Klarna Bank AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden, hereinafter referred to as "BillPay"), we request your consent per Art. 6 para. 1 sentence 1 lit. a GDPR to transfer the data necessary for payment processing and identity and credit check to BillPay. In Germany, credit checks may include the credit agencies mentioned in BillPay’s privacy policy [https://www.billpay.de/en/terms]. BillPay uses this information to make a balanced decision on the establishment, execution, or termination of the contractual relationship. You may revoke your consent at any time by contacting us via the options provided in this privacy policy. This may limit the payment options available. You may also withdraw consent for the use of your data for this purpose directly with BillPay.

4.5 Identity and Credit Checks for Purchase on Account via PayOne

If you select the payment method “purchase on account” provided by PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt a. M., Germany, hereinafter referred to as "PayOne," we request your consent under Art. 6 para. 1 sentence 1 lit. a GDPR to transfer the data required for processing the payment and identity and credit check to PayOne. In Germany, credit checks may include the credit agencies listed in PayOne’s privacy policy [https://a.storyblok.com/f/64176/x/b6e0586777/payone-information-zu-datenverarbeitung-gemass-art-13-dsgvo-0220-1.pdf]. PayOne uses this data for a balanced decision on establishing, carrying out, or terminating the contract. You may revoke your consent at any time via the contact options provided in this privacy policy, which may affect the available payment options.

5. EMAIL MARKETING

5.1 Email Newsletter with Registration

If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to send you our email newsletter regularly based on your consent per Art. 6 para. 1 sentence 1 lit. a GDPR. You may unsubscribe from the newsletter at any time, either by notifying us via the contact option mentioned below or by clicking the link provided in the newsletter. After unsubscribing, we delete your email address from the recipient list, unless you have expressly consented to further use of your data under Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data for other legally permissible purposes, about which we inform you in this policy.

5.2 Newsletter Dispatch

The newsletter may also be sent by our service providers within the framework of processing on our behalf. For questions about our service providers and the basis of our cooperation with them, please contact us via the contact options provided in this privacy policy.

Our service providers are based and/or use servers located in the USA and India. For these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on the European Commission's standard data protection clauses.

Our service providers are based and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection: Canada.

5.3 Requesting Reviews by Email

If you have given us your express consent during or after your order, we use your email address to request a review of your order using the review system we use. This consent can be revoked at any time by contacting us via the options provided in this privacy policy or by clicking the link in the review request.

Review requests may also be sent by our service providers as part of processing on our behalf. For questions about our service providers and the basis of our cooperation with them, please contact us via the contact options provided in this privacy policy.

6. COOKIES AND OTHER TECHNOLOGIES

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use various technologies, including cookies, on different pages. Cookies are small text files stored on your device. Some of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies).

We use these technologies only to enable certain features of our website (e.g., cart function). Through these technologies, your IP address, visit time, device and browser information, and information about your use of our website (e.g., cart contents) are collected and processed. This processing is based on our legitimate interests in providing an optimized representation of our offering, as per Art. 6 para. 1 sentence 1 lit. f GDPR.

Additionally, we use technologies to comply with our legal obligations (e.g., to document consent for processing your data). For further information, including the legal basis for data processing, please refer to the following sections of this privacy policy.

The cookie settings for your browser can be found under the following links:

If you have given your consent for the use of technologies per Art. 6 para. 1 sentence 1 lit. a GDPR, you may revoke it at any time via a message sent to the contact information provided in this privacy policy. Alternatively, you may follow this link: https://shop.heldenpferde.com/Kontakt. If cookies are not accepted, the functionality of our website may be limited.

6.2 Using Borlabs for Managing Consent

We use the Borlabs Cookie Plugin (“Borlabs”) to inform you about the cookies and other technologies on our website and to obtain, manage, and document your consent to process your personal data through these technologies. This is necessary to fulfill our legal obligation under Art. 7 para. 1 GDPR. Borlabs is provided by Borlabs - Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany. Upon visiting our website, Borlabs stores a Borlabs cookie on the web server containing information about cookie duration, version, device and browser information, and your consent behavior. No personal data is transferred to Borlabs. Your data is deleted after one year unless you have expressly consented to further use of your data per Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use your data for other legally permissible purposes, about which we inform you in this policy.

7. USE OF COOKIES AND OTHER TECHNOLOGIES FOR WEB ANALYSIS AND ADVERTISING PURPOSES

If you have provided your consent under Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following cookies and other third-party technologies on our website. After the purpose of the technology ends, the data collected in this context is deleted. You may withdraw your consent at any time with future effect. Further information on withdrawal options can be found in the section "Cookies and other technologies." For more details, including the legal basis for our collaboration with individual providers, refer to the respective technologies. For questions about providers and the basis for our collaboration, please contact us using the contact details in this privacy policy.

7.1 Use of Google Services for Web Analysis and Advertising Purposes

We use the following technologies provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information automatically collected by Google’s technologies about your usage of our website is typically transmitted to a Google LLC server at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our collaboration with them is based on standard data protection clauses approved by the European Commission. When the Google technologies collect IP addresses, these are shortened through IP anonymization before storage on Google’s servers. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise specified, data processing is based on an agreement between jointly responsible parties per Art. 26 GDPR. Additional information about data processing by Google can be found in Google’s privacy notices [https://policies.google.com/privacy?hl=en].

Google Analytics

For website analysis purposes, data (IP address, time of visit, device and browser information, and data on your website usage) is automatically collected and stored with Google Analytics. Pseudonymous usage profiles are created from this data. Cookies may also be used. Your IP address will not be merged with other data from Google. The data processing is based on a contract between us and Google for order processing.

Google reCAPTCHA

For protection against misuse of our web forms and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, and data on your website usage) and performs an analysis of your use of our website through JavaScript and cookies. In addition, other cookies stored by Google services in your browser are also evaluated. Personal data from the input fields of the respective form are not read or stored.

7.2 Use of Facebook Services for Web Analysis and Advertising Purposes

Use of Facebook Pixel

We use Facebook Pixel within the framework of the following technologies from Facebook Ireland Ltd [https://en-gb.facebook.com/facebookdublin/]., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, and information on your usage of our website based on specified events, e.g., visiting a website or subscribing to a newsletter). Using this data, pseudonymous user profiles are created. Additionally, the so-called extended data matching also collects and stores data that can identify individuals (e.g., names, email addresses, and phone numbers), which are hashed for identification. Upon visiting our website, Facebook Pixel automatically sets a cookie that allows your browser to be recognized across different websites using a pseudonymous cookie ID. Facebook will merge this information with other data from your Facebook account and use it for reporting on website activities and other services, especially for personalized and group-based advertising.

The information collected by Facebook’s technologies about your use of our website is generally transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, where it is stored. There is no adequacy decision by the European Commission for the USA. Our collaboration with them is based on standard data protection clauses approved by the European Commission. More details on data processing by Facebook are available in Facebook’s data privacy policy [https://en-gb.facebook.com/policy.php].

Facebook Analytics

Facebook Ads

Within Facebook Analytics, statistics on user activity on our website are created from the data collected via Facebook Pixel about your website usage. Data processing is based on an order processing agreement with Facebook. These analytics help us display and market our website optimally.

Using Facebook Ads, we advertise this website on Facebook and other platforms. We determine the parameters for each advertising campaign, and Facebook is responsible for implementing it, including decisions on ad placements for individual users. Data processing follows an agreement between jointly responsible parties per Art. 26 GDPR unless specified otherwise for each technology. This responsibility is limited to data collection and transmission to Facebook Ireland, with any subsequent data processing by Facebook Ireland not included.

Using the statistics generated from Facebook Pixel about visitors’ activity on our website, we run group-based advertising on Facebook through Facebook Custom Audience by determining the characteristics of the respective target group. Facebook acts as our processor for defining the respective target group through extended data matching (described above).

Based on the pseudonymous cookie ID set by Facebook Pixel and data collected on your usage of our website, we use Facebook Pixel Remarketing for personalized advertising.

Using Facebook Pixel Conversions, we measure subsequent usage behavior for web analysis and event tracking when you arrive at our website from a Facebook Ads ad. Data processing is based on an order processing agreement with Facebook.

7.3 Other Web Analysis and Online Marketing Providers

Use of Hotjar for Web Analysis

For website analysis, data (IP address, time of visit, device and browser information, and data on your website usage) is automatically collected and stored using technologies from Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 3155, Malta (“Hotjar”). Pseudonymous user profiles are created from this data. Cookies may also be used. Without express consent, pseudonymous user profiles are not combined with personal data from the pseudonym holder. Hotjar acts as a processor on our behalf.

Use of Pinterest Tag for Web Analysis and Advertising Purposes

For web analysis and advertising on Pinterest and other websites, Pinterest Europe Ltd [https://www.pinterest.com/], Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”), automatically collects and processes data (IP address, time of visit, device and browser information, and information on your website usage based on defined events, e.g., website visits or newsletter sign-ups). Using a pseudonymous cookie ID and the pages you visit, interest-based advertising is enabled. The collected data creates pseudonymous user profiles. Pinterest combines this information with other data from your Pinterest account for reporting website activities and providing other services associated with website usage. We have no control over Pinterest's data processing and only receive statistics generated by Pinterest Tag. Pinterest generally transfers automatically collected information to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, where it is stored. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's standard data protection clauses. Data processing is based on an agreement between jointly responsible parties per Art. 26 GDPR.

8. SOCIAL MEDIA

8.1 Social Plugins from Facebook, Instagram, Pinterest

Social media buttons from social networks are used on our website. These are integrated into the page only as HTML links, so no connection is made with the servers of the respective provider when the website is accessed. By clicking on one of the buttons, the corresponding social network’s website opens in a new browser window, allowing you to use, for example, the Like or Share button.

8.2 Our Online Presence on Facebook, Instagram, Pinterest

If you have provided consent to the respective social media operator per Art. 6 para. 1 sentence 1 lit. a GDPR, data for market research and advertising purposes is automatically collected and stored when you visit our online presences on the aforementioned social networks. Pseudonymous user profiles are created from this data. These can be used, for example, to place advertisements that may be of interest to you inside and outside the platforms. Cookies are generally used for this purpose. Detailed information on data processing and usage by each social media operator, as well as your rights and settings options to protect your privacy, can be found in the respective providers’ data privacy policies linked below. Should you need further assistance, you may contact us.

  • Facebook [https://www.facebook.com/about/privacy/] is an offering of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Information collected by Facebook Ireland about your use of our online presence on Facebook is usually transferred to a Facebook, Inc. server in the USA and stored there. Our cooperation with Facebook is based on standard data protection clauses approved by the European Commission. Data processing for visits to a Facebook fan page is based on an agreement between jointly responsible parties under Art. 26 GDPR. More information on this (Insights data) is available here.

  • Instagram [https://help.instagram.com/519522125107875] is also provided by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Instagram data processing follows the same privacy standards as Facebook, as described above.

  • Pinterest [https://policy.pinterest.com/en/privacy-policy] is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Information collected by Pinterest about your use of our online presence on Pinterest is generally transmitted to a Pinterest, Inc., server in the USA and stored there. Our collaboration is based on standard data protection clauses by the European Commission.

9. CONTACT OPTIONS AND YOUR RIGHTS

9.1 Your Rights

As a data subject, you have the following rights:

  • Under Art. 15 GDPR, the right to request information on the extent of your personal data processed by us;
  • Under Art. 16 GDPR, the right to request the immediate rectification of inaccurate or completion of incomplete personal data stored by us;
  • Under Art. 17 GDPR, the right to request the erasure of your personal data, except for further processing in cases like the exercise of freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise, or defense of legal claims;
  • Under Art. 18 GDPR, the right to request the restriction of processing your personal data, provided specific conditions apply, such as data accuracy dispute, unlawful processing objection, etc.;
  • Under Art. 20 GDPR, the right to receive your personal data in a structured, commonly used, and machine-readable format or to request transmission to another controller;
  • Under Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority in your usual place of residence, workplace, or our company headquarters.

Right to Object

Where we process personal data as outlined above to protect our legitimate interests, you may object to this processing with future effect. For processing done for direct marketing purposes, this right may be exercised at any time as outlined above. For other purposes, you may only object if there are grounds arising from your particular situation.

After exercising your right to object, we will stop processing your data for these purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or if the processing serves to establish, exercise, or defend legal claims.

This does not apply to processing for direct marketing purposes, as we will cease such processing immediately.

9.2 Contact Details

Data Protection Officer: Denise Schulz
Am Pochwerk 1
51580 Reichshof
Germany
denise.schulz@heldenpferde.com

For questions on the collection, processing, or use of your personal data, or to request information, correction, restriction, or deletion of data or the revocation of consents or objections to a specific data use, please contact us directly using the contact details in our legal notice.

Privacy Policy created with Trusted Shops [https://legal.trustedshops.com/] in collaboration with FÖHLISCH Rechtsanwälte [https://foehlisch.com].

Loading ...